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(54) Resource retrieval over a data network 

(57) A method of downloading resources to a client 
(1) from a content server (3) over a data network. A 
resource request message is sent from the client (1). 
and is intercepted at a proxy (2) located in the data net- 
work between the client (1) and the content server (3). 
A header request Is sent from the proxy (2) to the con- 
tent sen/er (3), requesting Ihe content server (3) to 
transmit a header, associated with the requested 
resource, to the proxy (2). The header Is received at the 
proxy (2) which determines whether or not the header 
contains billing and/or access restrictions. In the event 
that the header does contain billing and/or access 
restrictions, the client's right to receive the requested 
resource is authenticated and, providing the client is 
authenticated, the resource request message is deliv- 
ered from the proxy (2) to the content server (3) and 
sut)sequently the resource is downloaded from the con- 
tent sender (3) to the client (1). 
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Description 

[0001 ] The present invention relates to a method and 
apparatus for retrieving resources from a content server 
over a data network and in particular, though not neces- 
sarily, to a method and apparatus for enhancing World 
Wide Web services. 

[0002] The Internet Is a global open communications 
network connecting a great number of local area net- 
worts, such as networks of various compart es. univer- 
sities and other organizations. These networt<s may be 
used by a large number of independent worietations 
and computer devices. An indlvidial client may have a 
direct connection to these local area networks or may 
be connected to them through a PSTN (Public Switched 
Telephone Network) or an ISDN (Integrated Digital 
Services network) using a modem or similar device. 
[0003] The two most often used communication proto- 
cols for the Internet are TCP and IP (transport Control 
Protocol and Internet Protocol respectively). In most 
cases the service provider provides the various serv- 
ices by utilizing so called WWW (WorkI Wide Web) and 
HTTP (Hypertext Transfer Protocol) protocols to pro- 
vkje a graphical Internet interface for the client terminal 
which is typically a data processing device such as a 
microcomputer. The WWW contains, e.g. HTML docu- 
ments (HyperText Markup Language) i.e. "hyperdocu- 
me^ts^ one such document forming one entity which 
can contain text, pictures, even moving pictures, sound, 
links to other documents and even links to other serv- 
ices. The skilled person is aware that "services" refers in 
this connection to various kinds of features, products* 
sendees such as electronic mail, electronic phone book, 
entertainment, ass'^tance and advisory services etc.. 
advertisement games, videos and the like which are 
accessible through various commuracations networks. 
[0004] It is an object of the present invention to 
enhance the operation of a data network content server 
by enak^iing it to communicate transparently with an 
external billing and authentication server or service, e.g. 
an Internet Service Broker, to offer value-added logistic 
sen/ices. 

[0005] According to a first aspect of tiie present inven- 
tion there Is provided a method of downloading 
resources to a client from a content server over a data 
network, the method comprising: 

serxfing a resource request message from the cli- 
ent; 

intercepting the sent resource request message at 
a proxy located in the data networi< between the cli- 
ent and the content server; 
sending a header request from the proxy to the con- 
tort server requesting the content server to transmit 
a header, associated with the requested resource, 
to the proxy; 

receiving the header at the proxy and determining 
whether or not the header contains billing and/or 



access restrictions; 

in the event that the header does contain billing 
and/or access restrictions, authenticating the cB- 
ent's right to receive the requested resource: and 
5 providing the client is authenticated, delivering the 
resource request message from the proxy to the 
content server and subsequentiy downloading the 
resource from the conterrt server to the dienL 

10 (0006] Preferably, said step of authenticating the cB- 
ent's right to receive the requested resource comprises 
conducting an authentication dialogue with an Internet 
Sen/ice Broker (ISB). The ISB is a software server plat- 
form which centralizes the logistic s&vk:es on behalf of 

IS other content services. These logistic services include, 
witiiout limitation, client tientification and authentica- 
tion, access control to the netvM)rk resources. unHied 
billing interface and client kientification delivery for serv- 
ice customization. The present invention may provide a 

20 method lor implementing the interface for these logistic 
services for standard web senrer with standard HTML, 
such that there is no need to make any proprietary mod^ 
ificatioa 

[0007] The authentication step may additionally oom- 
25 prise a dialogue between the iSB and the dlent follow- 
ing the setting up of the dialogue between the proxy and 
the ISB. 

[0008] The present invention may be combined wHh 
the Internet Service Broker concept which is described 

30 In PCT/FI97/00426. 

[0009] Preferably, the proxy mediates and stores or 
caches data to minimize loading time of commonly 
requested resources. When a certain hypertext docu- 
ment is requested smral times from one or more cti- 

35 ents. the subsequent request(s) may be met by giving 
the already fetched document instead of requesting it 
again from the origkial source. This generaDy requires 
confirmation that the original document has not 
changed t>etween successive requests. 

40 [0010] The proxy may be a program running on a sep- 
arate computer device placed "in front' of the computer 
device on which the content server is running. AHerna- 
tivety, the proxy is a program running on the same com- 
puter as the content server. The proxy monitors the data 

45 traffic and provides the required logistic service when a 
certain HTTP message is detected. 
[001 1] According to a second aspect of the present 
invention there is provkied a proxy for controlling billing 
and access in a data network, the proxy comprising; 

50 

means for intercepting a resource request message 
sent from a client and intended for a content senrer ; 
means for sending a header request to the content 
server requesting the content server to transmit a 
55 header, associated with the requested resource, to 
the proxy; 

means for receiving the transmined header and for 
determining whettier or not the header contains biD- 
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ing and/or access restrictions; 

means for authenticating the cOent's right to receive 

the requested resource in the event that the header 

does contain billing and/or access restrictions: and 

means for delivering the resource request message 

to the content sender in the event that the client is 

authenticated. 

[0012] According to a third aspect of the present 
invention there is provided a computer memory 
encoded with executable instructions representing a 
computer program for causing a computer system con- 
nected to a data network to operate as a proxy, the 
proxy operating to: 

intercept a resource request message sent from a 

client and intended for a content server; 

send a header request to the content server 

requesting the content server to transmit a header, 

associated with the requested resource, to the 

proxy; 

receive the transmitted header and for determining 
whether or not the header contains billing and/or 
access restrictions; 

authenticate the client's right to receive the 
requested resource in the event that the header 
does contain billing and/or access restrictions; and 
detiver the resource request message to ttie con- 
tent server in the event that the client is authenti- 
cated. 

[0013] For a better understanding of the present 
invention and in order to show how the same may be 
carried into effect reference will now be made, by way of 
example, to tiie accompanying drawings, in which: 

Figure 1 is a schematic representation of the archi- 
tecture of an embodiment of the present invention; 
Figure 2 is a flow chart according to one embodi- 
ment of the present invention; and 
Figure 3 is a message semantic diagram according 
to one embodiment of the present invention. 

[0014] Figure 1 is a schematic presentation of the 
architecture of an embodiment of the present inverition. 
A User or dient 1 is the end user using a Worid Wide 
Web Browser which supports identification items which 
a WWW Server can give to the browser and which the 
browser stores and gives back orily to the server it orig- 
inally received them from. These information items, e.g. 
cooWes, enable the connection of several connection- 
less requests into a client session. 
[001 5] Proxy 2 is a software and/or hardware compo- 
nent that monitors the data traffic and takes care of the 
access control and billing using the Internet Service 
Broker (ISB) funcfionatity. WWW Server 3 is a standard 
httpd program which delivers an HTML page, and pos- 
sible images, sound and other digital data linked into the 



page, upon a client's request The WWW Server 3 sup- 
ports cfient defined headers by. for example, .htaccess 
access control mechanion. custom headers or ogi-bin 
programs. Most current WWW servers, for example 

5 APACHE ~ or those provided by NETSCAPE ~ or 
MICROSOFT ~, have this functionality. 
[001 6] WWW Data Store 4 is a file system, database 
or the Gke. where the client accessible data is stored, 
wtiilst ISB 5 is the Internet Service Broker wtiich defines 

w unified interfaces for dient identification and authentica- 
tion, and tor billing. Proxy Data Store 6 provides a cache 
in which the proxy 2 stores frequently requested docu- 
ments. 

(0017] Befbre describing the operation of a data 
IS retrieving system used by the network of Figure 1 , it is 
useful to describe the nature arxf role of the so-called 
'Header* wfiich is assodated with request reply mes- 
sages sent over the Internet. The Header is a part of the 
message packet which contains contrd data related to 
20 the packet For the purpose of the present example, 
these headers are part of the HTTP protocol (or HTTPS 
which is similar to HTTP but includes means for some 
security functionality). Thus, these headers have tiie fol- 
lowing form: 

25 

Header-field-name: value of the field 

in which the "Header-f ieU-name" specifies the narne of 
the header field and the "Value of the field" is a charac- 

30 ter string, starting after the field separator and ending 
with the next line feed. This header structure makes it 
relatively easy to add more functionality to the protocol 
by adding more fields, as long as the meaning of the 
existing fields is maintained. 

95 [001 q An example of such a field is 

Content-length: 5345 

where field name def hes that this field contains infor- 
40 mation about the amount of data in the message 
(exduding the header inforn>ation) and tiie number in 
the value part of the field is interpreted as the data 
amount in bytes as implidtiy defined by the mearting of 
field. The present method uses a packet that is built by 
4S following the same design principles as tiie protocol 
which ft relies upon. However, whilst the usual use o4 the 
protocol headers is point-to-point connections (i.e. con- 
trolling tiie traffic from the starting point to the end point) 
or between two hops (i.e. two nodes directiy connected 
50 togettier and interacting with each other), the use of the 
header fiekfs in this method is to allow interception at a 
node (the 'prox/) which is between the starting point 
and tiie end point. 

(001 9] The header is used to inform tiie intermediate 
55 node about billing information associated with a 
resource which can be purchased through a pMic con- 
nection network. e.g. the Internet, and which is interxled 
to be intercepted by the intermediate node and to be 
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redirected to a third node (the 'ISBT managino the 
actual billing. 

[0020] This method features a system in which the 
node from which the information originates, does not 
need to have a physical or even a logical connection to 
the node that manages the actual billing. Rather, the 
intermediate node interprets the billing information as 
presented by the originating node by using the conven- 
tions of the above mentioned protocol and using the 
header field or fields. The tntermediaKe node then nego- 
tiates the bUDng process with the third node responsible 
for the actual billing processes. 
[0021 ] Figure 2 presents a transaction flow for the sit- 
uation where a web page is requested from the WWW 
Server 3. Client 1 requests 10 a page from the WWW 
Server 3 either by writing a specific Universal Resource 
l-ocator (URL) Into its browser or by following a hyper- 
text link from some other hypertext document The 
browser dispatches a HTTP GET request The request 
is cached by the proxy 2 which handles all the requests 
directed to the WWW Server 3. The proxy requests the 
. header infomnation from the WWW Sender 3 by dis- 
patching 12 a HEAD htlp request In response to the 
HEAD request the WWW Server 3 sends 13 the header 
information associated with the requested document to 
the proxy 2. 

[0022] From this header information the proxy 2 
parses out the billing and access information relating to 
the requested web page (the embedding of billing data 
is desaibed In detail below). If the header information 
rei^eals that the requested resource has a price, but the 
proxy 2 has no valid cookie 14. the proxy 2 sends a bill- 
ing request 15 to the ISB 5. When receiving this 
request the ISB 5 attempts to identify the client 1 by 
identifying his tenfninal means. This can be done if the 
connection to the service is initiated from a toiown 
source such as an in-house modem bank or tele-opera- 
tor, or an ISP managed Internet Access Point. 
[0023] If the billing requires any additional information 
from the client 1. ISB 5 asks the proxy 2 to present the 
client 1 with an kJentification and conflrnnation page 18. 
Prior Id dispatching any dialogues, the proxy 2 sends a 
cookie 17 to the dienrs browser. In this way, it can later 
match the responses with correct requests. From now 
on the client 1 always sends the set cookie with every 
request directed to the proxy 2 or the WWW Sen/er 3. 
[0024] After receiving and filling the requested identi- 
fication or confirmation information, the client 1 sends 
the data and the cookie 19 back to the proxy 2. Using 
this information, the proxy 2 dispatches another billing 
request 20 to the ISB 5. After the ISB 5 acknowledges a 
successful billing, the proxy 2 attempts to locate the 
requested resource (or page) in its cache. If the 
resource is present in the cache, and the earlier 
retrieved header indicates that the resource remains 
valid, the proxy 2 delivers 24 the cached resource to the 
client 1. If the requested resource in not present in the 
cache, the original GET request is relayed 22 to the 



WWW Sender 3. Then the WWW Server sends the 
requested resource to the proxy 2. where it is cached 
and fofwaided 24 to the client 1. This ends the billing 
and access control transactions 25. 

5 [0025] Rgure 3 is a message semantic diagram for the 
above described process, where the messages marked 
with are not required if the billing can be done 
according to the identity of the User's terminal means. 
[0026] The following embodiment is used when the 

w present invention is implemented using the cBent 
defined HTTP header field with Apache WWW Server. 
The sen/er Is configured to add any new header Infbr- 
mation fields found at. for example, the .htaccess faes, 
These files are used to attach access restrictions on 

IS certain files or directories containing files or other direc- 
tories. The mechanism allows a default value to be 
specified for the whole directory or for specffic proprie- 
tary values for specific files. 

[0027] The following is an example ".htaccess" file 
20 which adds a new field "Price* to the HTTP messages. 

( Directory /usr/local/hltpd/commercial) 

Header set Price 2.50 

(/Directory) 

25 (Files Ajsryiocal/httpd/commercial/expensive.html > 
Header set Price 4.95 
(/Files) 

( Files Ajsr/local/htipd/commercial/cheapahtnrti > 
Header set Price 1.95 
30 (/Files) 



[0028] M\ files and directories located at the "commer- 
cial" directory are set to have a price of 2.50. In additton. 
the files "expensive.htmr and "cheapo.html" are explic- 

55 itiy set the prices of 4.95 and 1 .95 respectively. 

[0029] K will be appreciated by the person of skill in 
the art that various modHicatfons way be made to the 
above described embodiment without departing from 
the scope of the present invention. For example, whilst 

40 the above embodiment has been described with refer- 
ence to retrieving data from a WWW sender, the inven- 
tion may also be .applied to retrieving data from other 
types of data networtc servers and systems. 

45 Clainis 

1 . A method of downloading resources to a client from 
a content server over a data nebwork, the method 
being characterised by the steps of: 



50 
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sending a resource request message from the 
client; 

intercepting the sent resource request mes- 
sage at a proxy located in the data network 
between the client and the content senrer; 
sending a header request from the proxy to the 
content server requesting the content server to 
transmit a header, associated with the 
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requested resource, to the proxy; 

receiving the header at the proxy and determin- 

ing whether or not the header contains billing 

and/or access restrictions; 

in the event that the header does contain biDing 

and/or access restrictions, authenticating the 

cBent's right to receive the requested resource; 

and 

providing the client is authenticated, delivering 
the resource request message from the proxy 
to the content server and subsequently down- 
loading the resource from the content server to 
the client 

2. A method according to daim 1 . wherein the step of 
authenticating the client's right to receive the 
requested resource comprises conducting an 
authentication dialogue with an Internet Service 
Brolier(ISB}. 

3. A method according to claim 2. wherein the tSB is a 
software server platform which centralizes the 
logistic services on behalf of other content services. 

4. A method according to daim 2 or 3, wherein the 
authentication step additionaDy comprises a dla< 
logue between the tSB and the client following the 
setting up of the dialogue b^ween the proxy and 
the ISB. 

5. A method according to any one of the preceding 
claims, wherein the proxy caches previously 
requested resources to minimize loading time of 
commonly requested resources, the method com- 
prising determining whether or not a requested 
resource is present in Uie cache and. rf present 
whether or not the cached resource is valid based 
upon data contained in the received header, 
wherein if the resource is present and valid the 
resource is sent from the proxy to the client whilst 
said resource request message is not delivered 
from the proxy to the content server. 

6. A method according to any one of the preceding 
claims, wherein the proxy is a program running on a 
separate computer device placed in front of the 
computer device on which ttie content server is run- 
ning. 

7. A method according to any one claims 1 to 5. 
wherein the proxy is a program running on the 
same computer as the content server program. 

8. A method according to any one of the preceding 
claims, wherein the proxy conducts a confirmation 
dialogue with the client on the t^asis of instructions 
originating from an Internet Service Broker. 



9. A proxy for controlling biiling and access in a data 
networi<, the proxy comprising; 

means for intercepting a resource request 
5 message sent from a client and intended for a 

content server; 

means for sending a header request to the con- 
tent server reque^ng the content server to 
transmit a header, associated with the 

w requested resource, to the proxy; 

means fbr receiving the transmitted header and 
for detemiinfng whether or not the header con- 
tains bOling and/or access restrictions; 
means for authenticating the dienfs right to 

IS receive the requested resource In the event 

that the header does contain billing and/or 
access restrictions; and 
means for defivering tiie resource request mes- 
sage to the content server in the event that the 

20 dient is authenticated. 

10. A computer memory encoded with executable 
instructions representing a computer program for 
causing a computer system connected to a data 

25 networit to operate as a proxy, the proxy operating 
to: 

intercept a resource request message sent 
from a dient and intended for a content sender; 
30 send a header request to the content sen/er 

requesting tiie content sen/er to transmit a 
header, associated with the requested 
resource, to the proxy; 

receive the transmitted header and for deter- 
3S mining whettier or not the header contains bill- 

ing and/or access restrictions; 
authenticate ttie client's right to receive the 
requested resource in the event tiiat the header 
does contain biDing and/or access restrictions; 
40 and 

deGver the resource request message to the 
content server in ttie event that the client is 
autherrticated. 

45 
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